From b6e9022deebc115cd4fb999911802bde8c84f6be Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 00:51:20 +0300 Subject: [PATCH 01/19] Harden GitHub workflows --- .github/workflows/build.yml | 4 +++- .github/workflows/composer-require-checker.yml | 4 +++- .github/workflows/mutation.yml | 4 +++- .github/workflows/rector.yml | 4 +++- .github/workflows/static.yml | 4 +++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f8bd14f..94e9c60 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,9 +22,11 @@ on: name: build +permissions: + contents: read jobs: phpunit: - uses: yiisoft/actions/.github/workflows/phpunit.yml@master + uses: yiisoft/actions/.github/workflows/phpunit.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 with: os: >- ['ubuntu-latest', 'windows-latest'] diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml index c0134fa..1bc529b 100644 --- a/.github/workflows/composer-require-checker.yml +++ b/.github/workflows/composer-require-checker.yml @@ -24,9 +24,11 @@ on: name: Composer require checker +permissions: + contents: read jobs: composer-require-checker: - uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master + uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 with: os: >- ['ubuntu-latest'] diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 8150499..76e72b3 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -20,9 +20,11 @@ on: name: mutation test +permissions: + contents: read jobs: mutation: - uses: yiisoft/actions/.github/workflows/roave-infection.yml@master + uses: yiisoft/actions/.github/workflows/roave-infection.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 with: os: >- ['ubuntu-latest'] diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index bd79331..7db506d 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -11,9 +11,11 @@ on: name: rector +permissions: + contents: read jobs: rector: - uses: yiisoft/actions/.github/workflows/rector.yml@master + uses: yiisoft/actions/.github/workflows/rector.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 secrets: token: ${{ secrets.YIISOFT_GITHUB_TOKEN }} with: diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 72f669b..659d837 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -22,9 +22,11 @@ on: name: static analysis +permissions: + contents: read jobs: psalm: - uses: yiisoft/actions/.github/workflows/psalm.yml@master + uses: yiisoft/actions/.github/workflows/psalm.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 with: os: >- ['ubuntu-latest'] From 639521c7a2c2fa6ee3179040d5f27ef8847e76a1 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 02:21:15 +0300 Subject: [PATCH 02/19] Add zizmorify configuration --- .github/dependabot.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index db86156..6cc0071 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,16 +1,8 @@ version: 2 updates: - # Maintain dependencies for GitHub Actions. - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" - # Too noisy. See https://github.community/t/increase-if-necessary-for-github-actions-in-dependabot/179581 - open-pull-requests-limit: 0 - - # Maintain dependencies for Composer - - package-ecosystem: "composer" - directory: "/" - schedule: - interval: "daily" - versioning-strategy: increase-if-necessary + interval: "weekly" + cooldown: + default-days: 7 From 19a689492793f7a757246d797c0284db9e815d56 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 02:40:54 +0300 Subject: [PATCH 03/19] Add zizmorify workflow --- .github/workflows/zizmor.yml | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/zizmor.yml diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000..e9b7e06 --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,37 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: + - main + paths: + - '.github/**.yml' + - '.github/**.yaml' + pull_request: + paths: + - '.github/**.yml' + - '.github/**.yaml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + zizmor: + name: Run zizmor 🌈 + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + with: + advanced-security: false + annotations: true + persona: 'pedantic' From a8690a1b9fec512bd2243a99043daeaad3705b95 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:06:55 +0300 Subject: [PATCH 04/19] Restore Dependabot non-GitHub-Actions updates --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6cc0071..b185d42 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,11 @@ version: 2 updates: + # Maintain dependencies for GitHub Actions. + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + versioning-strategy: increase-if-necessary - package-ecosystem: "github-actions" directory: "/" schedule: From bf6ae7ffa84f2523dc62d39683dfa8d3dc16b470 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:14:27 +0300 Subject: [PATCH 05/19] Restore Dependabot non-GitHub-Actions updates --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b185d42..988aa61 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,8 @@ version: 2 updates: # Maintain dependencies for GitHub Actions. + + # Maintain dependencies for Composer - package-ecosystem: "composer" directory: "/" schedule: From ec6c39e6c6d8c9a2aaee25ee738830aac85c46ae Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:21:23 +0300 Subject: [PATCH 06/19] Restore Dependabot non-GitHub-Actions updates --- .github/dependabot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 988aa61..41b2db6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,5 @@ version: 2 updates: - # Maintain dependencies for GitHub Actions. # Maintain dependencies for Composer - package-ecosystem: "composer" From 7961ff78accdf91736db7fbe084313516251a091 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:31:28 +0300 Subject: [PATCH 07/19] Restore Dependabot non-GitHub-Actions updates --- .github/dependabot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 41b2db6..0088948 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,5 @@ version: 2 updates: - # Maintain dependencies for Composer - package-ecosystem: "composer" directory: "/" From cfd7b7852063af6234914535b130292856e0180a Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:56:03 +0300 Subject: [PATCH 08/19] Remove Rector pull_request_target inputs --- .github/workflows/rector.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index 7db506d..3aef7d9 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -16,8 +16,6 @@ permissions: jobs: rector: uses: yiisoft/actions/.github/workflows/rector.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 - secrets: - token: ${{ secrets.YIISOFT_GITHUB_TOKEN }} with: os: >- ['ubuntu-latest'] From cf503cec30ec62dc2ed85c05bedc7ea94e5843e5 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Fri, 19 Jun 2026 12:56:07 +0300 Subject: [PATCH 09/19] Remove Rector pull_request_target inputs --- .github/workflows/rector.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index bd79331..c597e60 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -14,8 +14,6 @@ name: rector jobs: rector: uses: yiisoft/actions/.github/workflows/rector.yml@master - secrets: - token: ${{ secrets.YIISOFT_GITHUB_TOKEN }} with: os: >- ['ubuntu-latest'] From c98dd7aa858f09c5574b98666b89e5133e8d6e25 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Sat, 20 Jun 2026 11:54:53 +0300 Subject: [PATCH 10/19] Use master for yiisoft actions --- .github/workflows/build.yml | 2 +- .github/workflows/composer-require-checker.yml | 2 +- .github/workflows/mutation.yml | 2 +- .github/workflows/rector.yml | 2 +- .github/workflows/static.yml | 2 +- .github/zizmor.yml | 5 +++++ 6 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 .github/zizmor.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 94e9c60..9a3eb89 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,7 +26,7 @@ permissions: contents: read jobs: phpunit: - uses: yiisoft/actions/.github/workflows/phpunit.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 + uses: yiisoft/actions/.github/workflows/phpunit.yml@master with: os: >- ['ubuntu-latest', 'windows-latest'] diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml index 1bc529b..b5cb15d 100644 --- a/.github/workflows/composer-require-checker.yml +++ b/.github/workflows/composer-require-checker.yml @@ -28,7 +28,7 @@ permissions: contents: read jobs: composer-require-checker: - uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 + uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master with: os: >- ['ubuntu-latest'] diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 76e72b3..c0c78fc 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -24,7 +24,7 @@ permissions: contents: read jobs: mutation: - uses: yiisoft/actions/.github/workflows/roave-infection.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 + uses: yiisoft/actions/.github/workflows/roave-infection.yml@master with: os: >- ['ubuntu-latest'] diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index 3aef7d9..ee1364a 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -15,7 +15,7 @@ permissions: contents: read jobs: rector: - uses: yiisoft/actions/.github/workflows/rector.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 + uses: yiisoft/actions/.github/workflows/rector.yml@master with: os: >- ['ubuntu-latest'] diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 659d837..5ff6c2f 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -26,7 +26,7 @@ permissions: contents: read jobs: psalm: - uses: yiisoft/actions/.github/workflows/psalm.yml@ab62d6b3b0e0cff6c9724ec5a395bedb41c639a2 + uses: yiisoft/actions/.github/workflows/psalm.yml@master with: os: >- ['ubuntu-latest'] diff --git a/.github/zizmor.yml b/.github/zizmor.yml new file mode 100644 index 0000000..85ca798 --- /dev/null +++ b/.github/zizmor.yml @@ -0,0 +1,5 @@ +rules: + unpinned-uses: + config: + policies: + "yiisoft/*": any From 9db94641315a49c4b0b00fd04ced9822424d7a7b Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Sat, 20 Jun 2026 11:54:58 +0300 Subject: [PATCH 11/19] Use master for yiisoft actions --- .github/zizmor.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/zizmor.yml diff --git a/.github/zizmor.yml b/.github/zizmor.yml new file mode 100644 index 0000000..85ca798 --- /dev/null +++ b/.github/zizmor.yml @@ -0,0 +1,5 @@ +rules: + unpinned-uses: + config: + policies: + "yiisoft/*": any From d30cff10107ba4901873c395361c858301ce9d79 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Sat, 20 Jun 2026 12:24:14 +0300 Subject: [PATCH 12/19] Use master for yiisoft actions --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index db86156..7da1f95 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,8 @@ updates: open-pull-requests-limit: 0 # Maintain dependencies for Composer + ignore: + - dependency-name: "yiisoft/*" - package-ecosystem: "composer" directory: "/" schedule: From a1ea939ee358ddd3dbbf845bb4c2cdf4e5419288 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Sat, 20 Jun 2026 12:24:19 +0300 Subject: [PATCH 13/19] Use master for yiisoft actions --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0088948..0510f85 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,3 +12,5 @@ updates: interval: "weekly" cooldown: default-days: 7 + ignore: + - dependency-name: "yiisoft/*" From 5b069262c9ddacb034ebdba90cd470e33e9243b6 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Sun, 21 Jun 2026 15:26:47 +0300 Subject: [PATCH 14/19] Remove redundant zizmor config --- .github/zizmor.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .github/zizmor.yml diff --git a/.github/zizmor.yml b/.github/zizmor.yml deleted file mode 100644 index 85ca798..0000000 --- a/.github/zizmor.yml +++ /dev/null @@ -1,5 +0,0 @@ -rules: - unpinned-uses: - config: - policies: - "yiisoft/*": any From bd19891329ef3febb6738040900680d5e42e95e2 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Thu, 25 Jun 2026 00:47:05 +0300 Subject: [PATCH 15/19] Fix zizmor workflow findings --- .github/dependabot.yml | 2 ++ .github/workflows/zizmor.yml | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a47ec9b..10f7e30 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,4 +15,6 @@ updates: directory: "/" schedule: interval: "daily" + cooldown: + default-days: 7 versioning-strategy: increase-if-necessary diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 9465846..430255d 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -14,8 +14,8 @@ on: - '.github/**.yaml' permissions: - actions: read - contents: read + actions: read # Required by zizmor when reading workflow metadata through the API. + contents: read # Required to read workflow files. jobs: zizmor: From eee5b62afd1f0cc535f9f5805b215b0771553158 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Thu, 2 Jul 2026 23:01:44 +0300 Subject: [PATCH 16/19] Fix CI on empty package skeleton --- .../workflows/composer-require-checker.yml | 19 +++++++++++++++++++ .github/workflows/mutation.yml | 19 +++++++++++++++++++ composer.json | 14 +++++++------- 3 files changed, 45 insertions(+), 7 deletions(-) diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml index b5cb15d..0759902 100644 --- a/.github/workflows/composer-require-checker.yml +++ b/.github/workflows/composer-require-checker.yml @@ -27,7 +27,26 @@ name: Composer require checker permissions: contents: read jobs: + detect-source: + runs-on: ubuntu-latest + outputs: + has-source: ${{ steps.source.outputs.has-source }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false + + - id: source + run: | + if [ -n "$(find src -type f -name '*.php' -print -quit 2>/dev/null)" ]; then + echo "has-source=true" >> "$GITHUB_OUTPUT" + else + echo "has-source=false" >> "$GITHUB_OUTPUT" + fi + composer-require-checker: + needs: detect-source + if: ${{ needs.detect-source.outputs.has-source == 'true' }} uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master with: os: >- diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index c0c78fc..97c367c 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -23,7 +23,26 @@ name: mutation test permissions: contents: read jobs: + detect-source: + runs-on: ubuntu-latest + outputs: + has-source: ${{ steps.source.outputs.has-source }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false + + - id: source + run: | + if [ -n "$(find src -type f -name '*.php' -print -quit 2>/dev/null)" ]; then + echo "has-source=true" >> "$GITHUB_OUTPUT" + else + echo "has-source=false" >> "$GITHUB_OUTPUT" + fi + mutation: + needs: detect-source + if: ${{ needs.detect-source.outputs.has-source == 'true' }} uses: yiisoft/actions/.github/workflows/roave-infection.yml@master with: os: >- diff --git a/composer.json b/composer.json index 461dab0..1f5821c 100644 --- a/composer.json +++ b/composer.json @@ -1,19 +1,19 @@ { - "name": "yiisoft/_____", + "name": "yiisoft/sockets", "type": "library", - "description": "_____", + "description": "Socket abstractions for Yii", "keywords": [ - "_____" + "sockets" ], "homepage": "https://www.yiiframework.com/", "license": "BSD-3-Clause", "support": { - "issues": "https://github.com/yiisoft/_____/issues?state=open", + "issues": "https://github.com/yiisoft/sockets/issues?state=open", "forum": "https://www.yiiframework.com/forum/", "wiki": "https://www.yiiframework.com/wiki/", "irc": "ircs://irc.libera.chat:6697/yii", "chat": "https://t.me/yii3en", - "source": "https://github.com/yiisoft/_____" + "source": "https://github.com/yiisoft/sockets" }, "funding": [ { @@ -40,12 +40,12 @@ }, "autoload": { "psr-4": { - "Yiisoft\\_____\\": "src" + "Yiisoft\\Sockets\\": "src" } }, "autoload-dev": { "psr-4": { - "Yiisoft\\_____\\Tests\\": "tests" + "Yiisoft\\Sockets\\Tests\\": "tests" } }, "config": { From 56591012415666ffcf8a744f7a61e9accfe5f225 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Thu, 2 Jul 2026 23:03:43 +0300 Subject: [PATCH 17/19] Skip Rector on empty source tree --- .github/workflows/rector.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index ee1364a..92009b0 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -14,7 +14,28 @@ name: rector permissions: contents: read jobs: + detect-source: + runs-on: ubuntu-latest + outputs: + has-source: ${{ steps.source.outputs.has-source }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false + + - id: source + run: | + if [ -n "$(find src -type f -name '*.php' -print -quit 2>/dev/null)" ]; then + echo "has-source=true" >> "$GITHUB_OUTPUT" + else + echo "has-source=false" >> "$GITHUB_OUTPUT" + fi + rector: + needs: detect-source + if: ${{ needs.detect-source.outputs.has-source == 'true' }} + permissions: + contents: write uses: yiisoft/actions/.github/workflows/rector.yml@master with: os: >- From 05ee67b330fb8dcf243a2ead6834dcebbf34965f Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Thu, 2 Jul 2026 23:08:30 +0300 Subject: [PATCH 18/19] Skip PHPUnit on empty source tree --- .github/workflows/build.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9a3eb89..fa716bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,26 @@ name: build permissions: contents: read jobs: + detect-source: + runs-on: ubuntu-latest + outputs: + has-source: ${{ steps.source.outputs.has-source }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false + + - id: source + run: | + if [ -n "$(find src -type f -name '*.php' -print -quit 2>/dev/null)" ]; then + echo "has-source=true" >> "$GITHUB_OUTPUT" + else + echo "has-source=false" >> "$GITHUB_OUTPUT" + fi + phpunit: + needs: detect-source + if: ${{ needs.detect-source.outputs.has-source == 'true' }} uses: yiisoft/actions/.github/workflows/phpunit.yml@master with: os: >- From 6224b7474a623cc623413d4d575b7c5410ff537e Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Thu, 2 Jul 2026 23:19:50 +0300 Subject: [PATCH 19/19] Fix zizmor findings in source detectors --- .github/workflows/build.yml | 7 ++++++- .github/workflows/composer-require-checker.yml | 7 ++++++- .github/workflows/mutation.yml | 7 ++++++- .github/workflows/rector.yml | 9 +++++++-- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fa716bc..76e5195 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,15 +22,20 @@ on: name: build +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read jobs: detect-source: + name: Detect PHP source runs-on: ubuntu-latest outputs: has-source: ${{ steps.source.outputs.has-source }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml index 0759902..7835536 100644 --- a/.github/workflows/composer-require-checker.yml +++ b/.github/workflows/composer-require-checker.yml @@ -24,15 +24,20 @@ on: name: Composer require checker +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read jobs: detect-source: + name: Detect PHP source runs-on: ubuntu-latest outputs: has-source: ${{ steps.source.outputs.has-source }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 97c367c..48748f0 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -20,15 +20,20 @@ on: name: mutation test +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read jobs: detect-source: + name: Detect PHP source runs-on: ubuntu-latest outputs: has-source: ${{ steps.source.outputs.has-source }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index 92009b0..cf49e14 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -11,15 +11,20 @@ on: name: rector +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read jobs: detect-source: + name: Detect PHP source runs-on: ubuntu-latest outputs: has-source: ${{ steps.source.outputs.has-source }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -35,7 +40,7 @@ jobs: needs: detect-source if: ${{ needs.detect-source.outputs.has-source == 'true' }} permissions: - contents: write + contents: write # Required by the reusable Rector workflow to commit fixes to same-repository branches. uses: yiisoft/actions/.github/workflows/rector.yml@master with: os: >-